Quote:According to a copy of a draft executive order on cybersecurity obtained by the Associated Press (AP), President Obama will soon order “U.S. spy agencies to share the latest intelligence about cyberthreats with companies operating electric grids, water plants, railroads and other vital industries to help protect them from electronic attacks.”

For some time, government officials have insisted that Iran is planning a cyberattack on the electronic communications infrastructure of the United States. The AP reports that Defense Secretary Leon Panetta said that the U.S. armed forces are “ready to retaliate” should Iran — or any other country — attempt an attack on U.S. cybersecurity.

Promises of the White House’s imminent issuing of the edict have been coming for months. The AP reports that regardless of the latest leak, “the White House declined to say when the president will sign the order.”

On September 19, Department of Homeland Security Secretary Janet Napolitano said the executive order granting the president sweeping power over the Internet is “close to completion.”

In testimony before the Senate Committee on Homeland Security and Governmental Affairs, Napolitano said that the order is still “being drafted” and vetted by various high-level bureaucrats. But she also indicated that it would be issued as soon as a “few issues” were resolved. Assuming control of the nation’s Internet infrastructure is a DHS responsibility, Napolitano added.

“DHS is the Federal government’s lead agency for securing civilian government computer systems and works with our industry and Federal, state, local, tribal, and territorial government partners to secure critical infrastructure and information systems,” she informed senators.

Napolitano’s report on the role of DHS squares with the information revealed in the seven-page version of the order the AP has read. According to the report of their findings:

The draft order would put the Department of Homeland Security in charge of organizing an information-sharing network that rapidly distributes sanitized summaries of top-secret intelligence reports about known cyberthreats that identify a specific target. With these warnings, known as tear lines, the owners and operators of essential U.S. businesses would be better able to block potential attackers from gaining access to their computer systems.

The new draft, which is not dated, retains a section that requires Homeland Security to identify the vital systems that, if hit by cyberattack, could "reasonably result in a debilitating impact" on national and economic security.

Other sections establish a program to encourage companies to adopt voluntary security standards and direct federal agencies to determine whether existing cyber security regulations are adequate.

[b]The president’s de facto re-routing of all Internet traffic through federal intelligence officers deputizes more than just DHS as cybertraffic cops.[/b]

The AP reports that “the Pentagon, the National Security Agency (NSA), the director of national intelligence, and the Justice Department” will all cooperate in the surveillance — in the name of national security, of course.

Corporate employees will be authorized to snoop, as well. Per the AP’s reading of the draft executive order, “selected employees at critical infrastructure companies would receive security clearances allowing them to receive the information.

As for those companies considered less critical to our national cybersecurity, “the government would ask businesses to tell the government about cyberthreats or cyberattacks. There would be no requirement to do so.”

Given the history of the federal government’s penchant for vague language, however, it is likely that despite the denial of compulsory cooperation with the government there will be a loophole just large enough to mandate private cooperation with the federal government.

Although the president and officials in his administration portray the attack as imminent, Congress isn’t persuaded, and on several occasions lawmakers have rejected measures calling for greater government control over the Internet and the communications infrastructure.

The president claims that this legislative lassitude is forcing him to bypass the Constitution and act alone to protect the country from cyberattacks. Once Barack Obama signs his name to this edict and assuming compliance with its mandates changes from voluntary to involuntary, he will possess powers only dreamed about by the most ambitious dictators of history.

“In the wake of Congressional inaction and Republican stall tactics, unfortunately, we will continue to be hamstrung by outdated and inadequate statutory authorities that the legislation would have fixed. Moving forward, the President is determined to do absolutely everything we can to better protect our nation against today’s cyber threats and we will do that," White House Press Secretary Jay Carney said in an email reported by The Hill.

The demise of the bill in the Senate was not unforeseen. As The New American reported in July:

The Cybersecurity Act of 2012 has been the subject of some criticism as privacy advocates feared that the bill would pose too many threats to the constitutional rights of the American people.

Likewise, the U.S. Chamber of Commerce and IBM sent out letters to show their opposition for the original bill, asserting that it would overwhelm the industry with regulations.

In response to the criticism, Senator Lieberman reformed the original bill.

For example, the updated version of the bill reflects changes to the provision to assign the Department of Homeland Security the role of creating mandatory cybersecurity standards for infrastructure industries.

The newer version of the bill does not include language for “mandatory, regulatory sections,” but still requires a creation of industry best practice standards for the purposes of protecting critical infrastructure, but rather than making the adoption of those standards mandatory, the owners of the critical infrastructure adopt “voluntary” standards. The bill offers incentives to adopt those standards, such as liability protection, and access to threat information.

Some contend that the revisions are not ideal, however, as it gives the government the power to deny threat information to critical infrastructure owners who choose not to comply with the voluntary standards. Likewise, the incentives are too insignificant to fully incentivize any company to adopt the standards.

This will be the best security for maintaining our liberties. A nation of well-informed men who have been taught to know and prize the rights which God has given them cannot be enslaved. It is in the religion of ignorance that tyranny begins. -Ben Franklin

I'm honestly suprised that the internet has stayed as free as it has over the last 10 years. As we saw with the Arab Spring, the internet and social media are very dangerous to Governments and I'm sure that they will continue to work to mitigate that threat. I look forward to the day that most Americans realize that the Government is not their friend and is not looking out for their best interests. Judging by the average American I will be waiting a long time.

On a side note. If we have evidence that Iran and/or China are responsible for cyber attacks then why don't we fight back? They are reliant on computers as well. Maybe not to the extent that we are but still we could hurt them. Why don't we shut down Iran's electrical grid for a few days? Why don't we hack China's defense computers or banking system and screw up their logistics/accounting?

Deal_me_in;29742 Wrote:On a side note. If we have evidence that Iran and/or China are responsible for cyber attacks then why don't we fight back? They are reliant on computers as well. Maybe not to the extent that we are but still we could hurt them. Why don't we shut down Iran's electrical grid for a few days? Why don't we hack China's defense computers or banking system and screw up their logistics/accounting?

Maybe they are smart enough to keep their critical data and programs on computers that are not accessible via the internet. (Something our government just can't seem to grasp)

Deal_me_in;29742 Wrote:On a side note. If we have evidence that Iran and/or China are responsible for cyber attacks then why don't we fight back? They are reliant on computers as well. Maybe not to the extent that we are but still we could hurt them. Why don't we shut down Iran's electrical grid for a few days? Why don't we hack China's defense computers or banking system and screw up their logistics/accounting?

Maybe they are smart enough to keep their critical data and programs on computers that are not accessible via the internet. (Something our government just can't seem to grasp)

How much do you lose in effectiveness, efficiency and capability by having your critical information in computers that aren't accessible to the internet? It seems to me that being connected to the internet makes computer systems much more effective, but I know next to nothing about computers so I could be way off base.

Shadowline;29751 Wrote:Maybe they are smart enough to keep their critical data and programs on computers that are not accessible via the internet. (Something our government just can't seem to grasp)

How much do you lose in effectiveness, efficiency and capability by having your critical information in computers that aren't accessible to the internet? It seems to me that being connected to the internet makes computer systems much more effective, but I know next to nothing about computers so I could be way off base.

Depends on the application and the use of those systems. Not every computer needs to be connected to the internet, especially those that are mission critical. Those that do are not usually directly connected to the internet, they are connected via proxy and through required ports with unnecessary ports being closed. Used to be in the old days, a NAT'ed firewall was all that was needed. Now thats just the first step.

Networks were set up with multiple VLANS with limited traversal, some set up as honey pots. I havent played with one of those in a while.

Used to be that screwing around with a network/site wasnt considered a felony, but now with the Patriot Act and Cyber Security, you face some Club Fed time.

All network traffic is traceable. Even those that use privacy proxies. If an ISP is hard pressed, they can and have provided investigators with all sorts of traffic logs. The ability to seize control of cyber space, an internet "kill switch", was set in 2011 BTW.

Deal_me_in;29756 Wrote:How much do you lose in effectiveness, efficiency and capability by having your critical information in computers that aren't accessible to the internet? It seems to me that being connected to the internet makes computer systems much more effective, but I know next to nothing about computers so I could be way off base.

Depends on the application and the use of those systems. Not every computer needs to be connected to the internet, especially those that are mission critical. Those that do are not usually directly connected to the internet, they are connected via proxy and through required ports with unnecessary ports being closed. Used to be in the old days, a NAT'ed firewall was all that was needed. Now thats just the first step.

Networks were set up with multiple VLANS with limited traversal, some set up as honey pots. I havent played with one of those in a while.

Used to be that screwing around with a network/site wasnt considered a felony, but now with the Patriot Act and Cyber Security, you face some Club Fed time.

All network traffic is traceable. Even those that use privacy proxies. If an ISP is hard pressed, they can and have provided investigators with all sorts of traffic logs. The ability to seize control of cyber space, an internet "kill switch", was set in 2011 BTW.

I knew somone would come along to share some knowledge (even though I'm such a layman it's still difficult to grasp the details), thanks. In your informed opinion, could we successfully attack Iranian or Chinese systems? How likely is it that their defenses are better than ours? It just seems like if they can get to our banking system or hack our defense department we could return the favor.

Deal_me_in;29742 Wrote:On a side note. If we have evidence that Iran and/or China are responsible for cyber attacks then why don't we fight back? They are reliant on computers as well. Maybe not to the extent that we are but still we could hurt them. Why don't we shut down Iran's electrical grid for a few days? Why don't we hack China's defense computers or banking system and screw up their logistics/accounting?

And the reason we don't fight back is because WE aren't in charge of US. If WE were, Benghazi would have a few less buildings right now, ask Reagan how its done. Can't expect that from the current joke-in-chief or what seems to be the thinking of half this country.

"What you're feeling now ain't the worst pain. The worst thing is not feeling the hurt anymore."

Spacemanvic;29758 Wrote:Depends on the application and the use of those systems. Not every computer needs to be connected to the internet, especially those that are mission critical. Those that do are not usually directly connected to the internet, they are connected via proxy and through required ports with unnecessary ports being closed. Used to be in the old days, a NAT'ed firewall was all that was needed. Now thats just the first step.

Networks were set up with multiple VLANS with limited traversal, some set up as honey pots. I havent played with one of those in a while.

Used to be that screwing around with a network/site wasnt considered a felony, but now with the Patriot Act and Cyber Security, you face some Club Fed time.

All network traffic is traceable. Even those that use privacy proxies. If an ISP is hard pressed, they can and have provided investigators with all sorts of traffic logs. The ability to seize control of cyber space, an internet "kill switch", was set in 2011 BTW.

I knew somone would come along to share some knowledge (even though I'm such a layman it's still difficult to grasp the details), thanks. In your informed opinion, could we successfully attack Iranian or Chinese systems? How likely is it that their defenses are better than ours? It just seems like if they can get to our banking system or hack our defense department we could return the favor.

They and we can and have.

Israel and the US developed the Stuxnet Virus to attack Iranian centrifuges to slow down Irans nuclear program. It was initially delivered via a USB stick to non-internet connected systems BTW.

Iran returned the favor by reverse engineering the Flame Virus (a virus that effected Irans oil production) into something called Shamoon to attack US banks.

Most countries have cyber warfare units in their military for at least the last 30 years. They dont advertise it much because it isnt sexy to have programmers and servers march in formation review.

Deal_me_in;29742 Wrote:On a side note. If we have evidence that Iran and/or China are responsible for cyber attacks then why don't we fight back? They are reliant on computers as well. Maybe not to the extent that we are but still we could hurt them. Why don't we shut down Iran's electrical grid for a few days? Why don't we hack China's defense computers or banking system and screw up their logistics/accounting?

And the reason we don't fight back is because WE aren't in charge of US. If WE were, Benghazi would have a few less buildings right now, ask Reagan how its done. Can't expect that from the current joke-in-chief or what seems to be the thinking of half this country.

You'd rather not partake in a retaliatory cyber attack (terrorism), but blowing people to bits is cool. Got it.

Don't worry, I'm sure Romney will get elected and we'll kill some brown people soon enough. I know it's tough, but be patient.